[SOLVED] Lighttpd: access to IPs and subnets

Lexus45 · 10-07-2017, 02:26 AM

Hello all.
This seems not to work for me http://redmine.lighttpd.net/boards/2/topics/1279

I tried different variants but all the time the subnet is being blocked (and I'm trying to allow):

like this (single remoteip inside single url). But I get "403 Forbidden" to any src ip:

Code:

$HTTP["url"] =~ "^/adm/" {
$HTTP["remoteip"] != "33.222.0.0/16" {
		url.access-deny = ( "" )
	}
}

$HTTP["url"] =~ "^/adm/" {
$HTTP["remoteip"] !~ "^(75\.209\.116\.4|79\.31\.34\.79)$" {
    url.access-deny = ( "" )
}
}

like this ( several remoteip inside single url). In this case access is also blocked for all:

Code:

$HTTP["url"] =~ "^/adm/" {
	$HTTP["remoteip"] !~ "^(75\.209\.116\.4|79\.31\.34\.79)$" {
		url.access-deny = ("")
	}

	$HTTP["remoteip"] != "33.222.0.0/16" {
		url.access-deny = ( "" )
	}


}

The construction like (with "x"ses as wildcards) this still blocks subnet 33.222.0.0/16 whis is not what I want:

Code:

$HTTP["url"] =~ "^/zabbix/" {
	$HTTP["remoteip"] !~ "^(75\.209\.116\.4|79\.31\.34\.79|33\.222\.x\.x)$" {
		url.access-deny = ("")
	}
}

Does anybody use Lighttpd? How do you restrict access to certain URL - both for fixed IP addresses and subnets simultaneously ?

Thank you.

Lexus45 · 10-12-2017, 08:07 AM

This is the solution
https://redmine.lighttpd.net/boards/...2#message-7672

Code:

$HTTP["url"] =~ "^/adm/" {
    $HTTP["remoteip"] == "33.222.0.0/16" {
    }
    else $HTTP["remoteip"] == "75.209.116.4" {
    }
    else $HTTP["remoteip"] == "79.31.34.79" {
    }
    else $HTTP["remoteip"] != "" {  # (dummy match everything)
        url.access-deny = ( "" )
    }
}